Difference: TWikiAccessControl (24 vs. 25)

Revision 252002-05-29 - PeterThoeny

Line: 1 to 1
 
Line: 112 to 112
 
  • DENYTOPICRENAME (in topic) overrides DENYWEBRENAME (in WebPreferences)
  • ALLOWTOPICRENAME (in topic) overrides ALLOWWEBRENAME (in WebPreferences)
Changed:
<
<

Restricting Web Access

>
>

Restricting Read Access

 
Changed:
<
<
You can prevent selected Users and Groups from accessing certain webs, by hiding them using restricting read access, or by requiring login. There are two basic methods, one simple, using standard preferences variables to hide a web, but offering low security, and a secure log-in approach that is currently a workaround, involving some minor script and filesystem modification.
>
>
You can define who is allowed to see a web.
 
Changed:
<
<

Create Hidden Webs

>
>

Deny Viewing by Topic

 
Changed:
<
<
You can prevent selected Users and Groups from viewing certain TWiki webs by setting one or both of these variables in each web's WebPreferences topic:
>
>
ALERT! Technically it is possible to restrict read access to an individual topic based on DENYTOPICVIEW / ALLOWTOPICVIEW preferences variables, provided that the view script is authenticated. However this setup is not recommended since all content is searchable within a web - a search will turn up view restricted topics.

Deny Viewing by Web

You can define restrictions of who is allowed to view a TWiki web. You can restrict access to certain webs to selected Users and Groups, by:

  • obfuscating webs: Insecure but handy method to hide new webs until content is ready for deployment.
  • authenticating all webs and restricting selected webs: Topic access in all webs is authenticated, and selected webs have restricted access.
  • authenticating and restricting selected webs only: Provide unrestricted viewing access to open webs, with authentication and restriction only on selected webs.

Obfuscate Webs

The idea is to keep a web hidden by not publishing its URL and by preventing the all webs search option from accessing obfuscated webs. Do so by enabling the NOSEARCHALL variable in WebPreferences:

  • Set NOSEARCHALL = on

This setup can be useful to hide a new web until content its ready for deployment.

ALERT! Obfuscating webs is insecure, as anyone who knows the URL can access the web.

Authenticate all Webs and Restrict Selected Webs

Use the following setup to authenticate users for topic viewing in all webs and to restrict access to selected webs:

  1. Restrict view access to selected Users and Groups. Set one or both of these variables in its WebPreferences topic:
 
  • Set DENYWEBVIEW = < list of Users and Groups >
  • Set ALLOWWEBVIEW = < list of Users and Groups >
Changed:
<
<
TIP If keeping a hidden web out of general use is a consideration, you can prevent the all webs search option from accessing hidden webs, by enabling the NOSEARCHALL variable in WebPreferences:
>
>
  1. Hide the web from an "all webs" search. Enable this restriction with the NOSEARCHALL variable in its WebPreferences topic:
 
  • Set NOSEARCHALL = on
Changed:
<
<
    • It is not recommended to restrict view access to individual topics since all content is searchable within a web.
    • HELPThis method only works if the view script is authenticated, which means that all Users have to login, even for read-only access. (An open guest account, like TWikiGuest, can get around this, allowing anyone to login to a common account with, for example, view-only access for public webs.) TWikiInstallationGuide has more on Basic Authentication, using the .htaccess file.
>
>
  1. Add view to the list of authenticated scripts in the .htaccess file.
 
Changed:
<
<
ALERT! Hiding webs is not very secure, as there is a way to circumvent the read access restriction. It can be useful in certain situations - for example, to simplify site organization and clutter, by hiding low traffic webs - but is not recommended for securing sensitive content. (See the next section for a more secure approach.)
>
>
HELP This method only works if the view script is authenticated, which means that all Users have to login, even for read-only access. (An open guest account, like TWikiGuest, can get around this, allowing anyone to login to a common account with, for example, view-only access for public webs.) TWikiInstallationGuide has more on Basic Authentication, using the .htaccess file.
 
Changed:
<
<

Create Authenticated Access By Web

>
>

Authenticate and Restricting Selected Webs Only

  Use the following setup to provide unrestricted viewing access to open webs, with authentication only on selected webs:
Changed:
<
<
  1. Omit the view script from the .htaccess file.
>
>
  1. Restrict view access to selected Users and Groups. Set one or both of these variables in its WebPreferences topic:
    • Set DENYWEBVIEW = < list of Users and Groups >
    • Set ALLOWWEBVIEW = < list of Users and Groups >
  2. Hide the web from an "all webs" search. Enable this restriction with the NOSEARCHALL variable in its WebPreferences topic:
    • Set NOSEARCHALL = on
 
  1. Enable the $doRememberRemoteUser flag in lib/TWiki.cfg as described in TWikiUserAuthentication. TWiki will now remember the IP address of an authenticated user.
  2. Copy the view script to viewauth (or better, create a symbolic link)
Changed:
<
<
  1. Add viewauth to the list of authenticated scripts in the .htaccess file.
>
>
  1. Add viewauth to the list of authenticated scripts in the .htaccess file. The view script should not be listed in the .htaccess file.

When a user accesses a web where you enabled view restriction, TWiki will redirect from the view script to the viewauth script once (this happens only if the user has never edited a topic). Doing so will ask for authentication. The viewauth script shows the requested topic if the user could log on and if the user is authorized to see that web.

ALERT! Authenticating webs is not very secure, as there is a way to circumvent the read access restriction. It can be useful in certain situations - for example, to simplify site organization and clutter, by hiding low traffic webs - but is not recommended for securing sensitive content.

 
Deleted:
<
<
  • When a user accesses a web where you enabled view restriction, TWiki will redirect from the view script to the viewauth script once (this happens only if the user has never edited a topic). Doing so will ask for authentication. The viewauth script shows the requested topic if the user could log on and if the user is authorized to see that web.
  • If you enable view restriction for a web, it is recommended to restrict search "all webs" from searching this web. Enable this restriction with the NOSEARCHALL variable in its WebPreferences, like:
    • Set NOSEARCHALL = on
  • It is not recommended to restrict view access to individual topics since all content is searchable within a web - a search will turn up the "hidden" topic.
 

Hiding Control Settings

 
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 1999-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback
Note: Please contribute updates to this topic on TWiki.org at TWiki:TWiki.TWikiAccessControl.